DittoETH

Ditto

DeFiFoundryOracle

55,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Might deposit too low of an amount

Eric

Summary

The deposit() function in BridgeRouterFacet.sol may allow some users to deposit too little of a token

Vulnerability Details

function deposit(address bridge, uint88 amount)

external

nonReentrant

onlyValidBridge(bridge)

{

if (amount < Constants.MIN_DEPOSIT) revert Errors.UnderMinimumDeposit();

// @dev amount after deposit might be less, if bridge takes a fee

uint88 zethAmount = uint88(IBridge(bridge).deposit(msg.sender, amount)); // @dev(safe-cast)

...

The first line in this function enforces the user to deposit a minimum amount. However there is no guarantee that there will not be a fee taken during that deposit. If a fee is taken then the resultant 'zethAmount' may now potentially be less than said minimum.

Impact

Low - some user might have too small a balance. They can always add a little more

Tools Used

Visual inspection

Recommendations

Add another check to see if 'zethAmount' is >= Constants.MIN_DEPOSIT

Updates

Lead Judging Commences

0xnevi Lead Judge

almost 2 years ago

0xnevi Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Other

Prize pool breakdown

Total prize

55,000 USDC

nSLOC

3,365

16 USDC / LOC

High Medium

50,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.